fix rootless support

Signed-off-by: kim (grufwub) <grufwub@gmail.com>
4 years ago · e03ff381e3
parent 0893652b65
commit e03ff381e3
1 changed files with 16 additions and 23 deletions
--- a/gophor.go
+++ b/gophor.go
@ -136,9 +136,16 @@ func setupServer() []*GophorListener {
            /* These values should be coming straight out of /etc/passwd, so assume safe */
            uid, _ = strconv.Atoi(user.Uid)
            gid, _ = strconv.Atoi(user.Gid)
+
+            /* Double check this isn't a privileged account */
+            if uid == 0 || gid == 0 {
+                Config.LogSystemFatal("Gophor does not support running with any kind of privileges, please supply a non-root user account\n")
+            }
        }
    } else {
-        if *execAs != "" {
+        if syscall.Getuid() == 0 || syscall.Getgid() == 0 {
+            Config.LogSystemFatal("Gophor (obviously) does not support running rootless, as root -.-\n")
+        } else if *execAs != "" {
            Config.LogSystemFatal("Gophor does not support dropping privileges when running rootless\n")
        }
    }
@ -247,29 +254,15 @@ func chrootServerDir(path string) {
 }

 func setPrivileges(execUid, execGid int) {
-    /* Check root privileges aren't being requested */
-    if execUid == 0 || execGid == 0 {
-        Config.LogSystemFatal("Gophor does not support directly running as root\n")
+    /* C-bind setgid */
+    result := C.setgid(C.uint(execGid))
+    if result != 0 {
+        Config.LogSystemFatal("Failed setting GID %d: %d\n", execGid, result)
    }

-    /* Get currently running user info */
-    uid, gid := syscall.Getuid(), syscall.Getgid()
-
-    /* Set GID if necessary */
-    if gid != execUid {
-        /* C-bind setgid */
-        result := C.setgid(C.uint(execGid))
-        if result != 0 {
-            Config.LogSystemFatal("Failed setting GID %d: %d\n", execGid, result)
-        }
-    }
-
-    /* Set UID if necessary */
-    if uid != execGid {
-        /* C-bind setuid */
-        result := C.setuid(C.uint(execUid))
-        if result != 0 {
-            Config.LogSystemFatal("Failed setting UID %d: %d\n", execUid, result)
-        }
+    /* C-bind setuid */
+    result = C.setuid(C.uint(execUid))
+    if result != 0 {
+        Config.LogSystemFatal("Failed setting UID %d: %d\n", execUid, result)
    }
 }